Syndicated

It’s impossible for any organization to work alone. No enterprise controls every aspect of its operations, so partners and suppliers are needed to survive.

But a security blogger says a heating, ventilation and air conditioning (HVAC) company is partly the reason why hackers were able to break into retailer Target Brands Inc.’s point of sales system.

How? The HVAC maintenance company had access to Target’s network to do remote monitoring of energy consumption and temperatures. The hackers reportedly stole a username and password from the maintenance firm.

The report was first carried by the Web site Krebs on Security by author Brian Krebs and expanded on by Computerworld U.S.

As Krebs points out, it’s not clear why the environmental system could link to Target’s payment system. But if the report is true it’s a prime warning to IT managers that certain parts of any network – and it won’t take much imagination to figure out which ones: Those dealing with personal information and finance — have to be segregated from the rest.

Outside suppliers and partners will for valid reasons want to have access to certain network elements from time to time. That can’t be stopped. But best practices in almost any industry should mandate network segregation.

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.